OpenVPN and DNS AdBlocking is a useful way to block ads on your smartphone without having to root it. This post describes how to set up such a service on your own server.
The idea is to set a DNS server in your OpenVPN DHCP options to push to clients. The DNS server runs in another Docker container and uses hosts files to block ads, trackers etc.
- See https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 as an example of how to set up an OpenVPN Docker container on an Ubuntu VPS. At the `ovpn_genconfig` step, set `-n 8.8.8.8` so there is only a single placeholder DNS server to overwrite later on. Otherwise your settings will fall back to Google’s secondary DNS.
- Set up the DNS container, which uses dnsmasq to block the bad hosts:

```
git clone https://github.com/arthurkay/sagittarius-A && cd sagittarius-A && ./build.sh
```
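- Run the dnsmasq container:

```
docker rm saga-dns; docker run --restart=always --name=saga-dns --expose 53 --cap-add=NET_ADMIN arthurkay/sagittarius-a &
```

We expose port 53 explicitly as the image's Dockerfile does not currently contain an EXPOSE directive. Note that `--expose` does not publish the port on the host, so the resolver is only reachable from other containers.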
- Run the OpenVPN container, linking to the saga-dns container:

```
docker rm openvpn; docker run --restart=always --volumes-from ovpn-data --name openvpn --link saga-dns:saga-dns -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn bash -c 'sed -i -E "s/(push dhcp-option DNS).*/\1 $SAGA_DNS_PORT_53_TCP_ADDR/" /etc/openvpn/openvpn.conf && ovpn_run' &
```

The `sed` command writes the saga-dns container’s IP into the pushed DNS option in the OpenVPN config before starting OpenVPN.
(Hopefully) enjoy much faster browsing and less tracking on your mobile devices.
OpenVPN with DNS AdBlocking using Docker - Comments
A quick script to process fdupes output and allow interactive selection of files to delete. Differs from the built-in fdupes prompts in that you can select directories to condemn.
Delete fdupes duplicates by directory - Comments
I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:
```
sudo mkdir -p /var/log/php5-fpm
sudo vim /etc/php5/fpm/pool.d/www.conf
```

```
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
```
After a day or so I read the logs and found lots of slow requests to `xmlrpc.php` for WordPress vhosts.
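One way to tally a slowlog by script instead of reading it by eye; this is an added example, not code from the original post. The log excerpt is constructed in php-fpm's slowlog layout, and the paths, pids and function names in it are made up.

```python
import re
from collections import Counter

# Constructed sample in php-fpm's slowlog layout: a header line (timestamp,
# pool, pid), the script_filename line, then the PHP backtrace, innermost first.
SAMPLE_SLOWLOG = """\
[12-Mar-2015 10:01:07]  [pool www] pid 2411
script_filename = /var/www/blog.example/xmlrpc.php
[0x00007f2a1c0e5b10] mysql_query() /var/www/blog.example/wp-includes/wp-db.php:1655
[0x00007f2a1c0e5a20] query() /var/www/blog.example/wp-includes/wp-db.php:2279

[12-Mar-2015 10:01:09]  [pool www] pid 2415
script_filename = /var/www/blog.example/xmlrpc.php
[0x00007f2a1c0e6c40] wp_authenticate() /var/www/blog.example/wp-includes/class-wp-xmlrpc-server.php:218

[12-Mar-2015 10:03:30]  [pool www] pid 2420
script_filename = /var/www/shop.example/index.php
[0x00007f2a1c0e7d80] curl_exec() /var/www/shop.example/lib/feed.php:88
"""

HEADER = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+\[pool (?P<pool>[^\]]+)\]\s+pid (?P<pid>\d+)$")
SCRIPT = re.compile(r"^script_filename = (?P<path>.+)$")
FRAME = re.compile(r"^\[0x[0-9a-fA-F]+\]\s+(?P<func>\S+)\s+(?P<where>.+)$")

def parse_slowlog(text):
    """Return one dict per slowlog entry: ts, pool, pid, script, top_frame."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            current = {**m.groupdict(), "script": None, "top_frame": None}
            entries.append(current)
        elif current is None:
            continue  # ignore anything before the first entry header
        elif m := SCRIPT.match(line):
            current["script"] = m["path"]
        elif (m := FRAME.match(line)) and current["top_frame"] is None:
            current["top_frame"] = f'{m["func"]} {m["where"]}'  # where it stalled
    return entries

def slowest_scripts(entries):
    """Count slow requests per script, most frequent first."""
    return Counter(e["script"] for e in entries if e["script"]).most_common()

if __name__ == "__main__":
    for script, hits in slowest_scripts(parse_slowlog(SAMPLE_SLOWLOG)):
        print(f"{hits:5d}  {script}")
```

With the settings above the real input would be the pool's file under /var/log/php5-fpm/, read and passed to `parse_slowlog`.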
A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.
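Edit your Apache vhost configuration (or `.htaccess` if you don’t have access to this):

```
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
    # Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat for it
    Order Deny,Allow
    Deny from all
    # Optionally allow a trusted address:
    #Allow from x.x.x.x
</FilesMatch>
```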
I noticed considerably lower latency when serving requests to PHP pages after this change.
Fixing php5-fpm and Apache hanging with WordPress - Comments
If you use Facebook, you’ve probably seen entries like this in your news feed.
They seem to just be popular posts from pages that your friends ‘like’. I find them to generally be irrelevant, so I made a user script to hide them.
It was an interesting opportunity to poke around the Facebook frontend JavaScript code. I also tried out MutationObservers and built my knowledge of XPath, which is very powerful.
Code is in the Hide_Facebook_Like_News.user.js Gist, which also explains how to use it.
Hide Facebook ‘Like’ News - Comments